Everyone.
Yesterday i did good of my experiment with nginx, but suddenly my nginx was suddenly error (can't reboot or stop or start) and i had to reinstall it.
But i forgot the code.
So the .conf would help you process to the other web. for Example :
My IP Server : 192.302.xx.xxx
I set listen port to : 3000
I only type 192.302.xx.xxx:3000 and then my ip would show up the proxy pass for example watching youtube, it would become like this 92.302.xx.xxx:3000/v=watch?4hnb32yh even it linked when i press the button in my ip, even the blocked site from my local gov. all i need is only change the proxy pass. For example : Adult Videos Site, etc (Except site that reverse proxy like cloudflare one)
And today i want to recreate that one but it fails, these are my code
upstream backend_mirrors {
server anotherwebsite1.id;
server anotherwebsite2.com;
}
server {
listen 3000;
listen [::]:3000;
server_name 192.302.xx.xxx;
return 301 https://website_that_i_want_togo/$request_uri$is_args$args;
}
server {
listen 433 ssl;
listen [::]:433 ssl;
server_name 192.302.xx.xxx;
ssl_certificate "/etc/letsencrypt/live/myservername/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/myservername/privkey.pem";
#include /etc/letsencrypt/option-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
ssl_session_tickets off;
location / {
resolver 8.8.8.8;
mirror /mirror;
mirror_request_body on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://website_that_i_want_togo/;
}
location /mirror {
internal;
proxy_pass https://givesometraffictootherwebsites/;
proxy_set_header X-SERVER-PORT $server_port;
proxy_set_header X-SERVER-ADDR $server_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-REAL-IP $remote_addr;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
What i want to :
192.138.xx.xxx:3000 but i can open some other website like blocked websites from domain sites.
But the ip address still with it when i change to other page
192.138.xx.xxx:3000/search but it still full function like the website that i put in proxy_pass
But what my code do :
It's auto redirect to proxy_pass sites even the header changed
Related
I am running an Nginx server and several services in jails. I have two TLDs, one old and one new. For the new TLD I have added a new jail with a new service (wordpress). I added a new server block to my reverse proxy. Accessed locally, bypassing the reverse proxy, wordpress works fine. All PHP executes correctly.
However, accessed through the reverse proxy, using the new TLD, any attempt to navigate to a .php file returns a 404 error. Note that the site itself is working and php is properly executing; the issue only arises if you try to navigate to a .php directly. This is problematic, for example, because you can't access the login page. In fact, you can't even navigate to index.php, even though going to domain2.com itself works, domain2.com/index.php fails.
These are the server blocks from my nginx.conf:
#Domain2
server {
server_tokens off;
listen 80;
server_name www.domain2.com domain2.com;
return 301 https://$host$request_uri;
}
server {
server_tokens off;
listen 443 ssl;
server_name www.domain2.com domain2.com;
ssl_certificate /usr/local/etc/letsencrypt/live/domain2.com/cert.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/domain2.com/privkey.pem;
#USE SECURE PROTOCOLS
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#DEFINE ACCESS LOG LOCATION
access_log /var/log/nginx/access_domain2.log;
#PASS PHP TO FASTCGI
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
#PROXY_SETTINGS
client_max_body_size 10m;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://192.168.1.253;
}
error_page 401 403 404 /404.html;
#redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
I fixed this by commenting out the "pass php to fastcgi" which was apparently redundant.
I have nodejs and react app in different folders. I need a php folder too but when i create a folder with php files in it. If i go to
https://mywebsite/rcon/index.php
shows 404 for them. Almost searching for a fix for 24 hours but cant fix it. Here my nginx default file.
error_log /var/log/nginx/error_log;
server {
listen 80;
server_name mywebsite;
return 301 https://$host$request_uri;
}
server { listen 443 ssl;
server_name mywebsite;
ssl_certificate /etc/letsencrypt/live/mywebsite/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite/privkey.pem; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
root /home/ubuntu/staff/;
try_files $uri /index.html index /rcon/index.php /rcon/ index.htm index.nginx-debian.html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unixsockets):
fastcgi_pass unix:/var/run/php/php7.2fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass127.0.0.1:9000;
}
location /api {
proxy_pass http://myip:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /fivem {
proxy_pass http://myip:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# Increase http2 max sizes
http2_max_field_size 64k;
http2_max_header_size 64k;
}
Hello I am trying to serve a php web application using Nginx PHP-FPM using a tcp socket on a remote host and a lighttd to serve static content on a remote server.
I succeed to link those three blocks but I have an issue to manage the interactions.
Here my Nginx proxy configuration
upstream xxxx-staging {
server xxxxx.com:81 fail_timeout=0;
}
server {
listen 80;
server_name xxxxxxx.com;
return 301 https://xxxxx.com$request_uri;
}
server {
listen 443 ssl;
server_name xxxxxx.com;
root /xxxxxx/public;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
access_log /var/log/nginx/xxx.access.log;
error_log /var/log/nginx/xxx.error.log error;
client_max_body_size 256m;
proxy_intercept_errors on;
error_page 404 = /index.php;
error_page 405 = 200$uri;
location = / {index index.php;}
location / {
proxy_pass http://xxxxx-staging;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/passwords/xxxxxxx.com.passwdfile;
}
location ~ ^/index\.php$(/|$) {
fastcgi_pass xxxxx.com:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
When I removed error_page 405 = 200$uri; symfony is returning me a method post not allowed and when I put it nginx is returning me a 405.
I clearly missunderstand how the communication are established but don't know where I am wrong.
You are using auth_basic and auth_basic_user_file in the location / block. Am I right that you don't get a prompt to enter a password when you navigate to the side and get instead directly the 405 error?
I interpret the error to mean that an authentication is expected but doesn't happen. I would suggest to move auth_basic and auth_basic_user_file up one level in the server block. That way everything is covered and not only the one location block and you should get the password prompt.
upstream xxxx-staging {
server xxxxx.com:81 fail_timeout=0;
}
server {
listen 80;
server_name xxxxxxx.com;
return 301 https://xxxxx.com$request_uri;
}
server {
listen 443 ssl;
server_name xxxxxx.com;
root /xxxxxx/public;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/passwords/xxxxxxx.com.passwdfile;
ssl_certificate /etc/nginx/ssl/xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.com.key;
access_log /var/log/nginx/xxx.access.log;
error_log /var/log/nginx/xxx.error.log error;
client_max_body_size 256m;
proxy_intercept_errors on;
error_page 404 = /index.php;
error_page 405 = 200$uri;
location = / {index index.php;}
location / {
proxy_pass http://xxxxx-staging;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ ^/index\.php$(/|$) {
fastcgi_pass xxxxx.com:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
I hope that helps you.
We receive error about "redirected you too many times." after changing the Wordpress from HTTP to HTTPS.
The WP is on AWS with Nginx and we have tried changing both define(home) and define(siteurl) in both database and wp-config file but no help.
Below is the current nginx config file, we also tried following some posts on Google to change HTTP to HTTPS, listening port to 443 but still no luck.
Thanks in advance.
server {
listen 443;
server_name wp.mywebsite.com;
server_name www.mywp.mywebsite.com;
include /etc/nginx/common_server_settings;
location /wp-content/ { root /var/www/mywp.mywebsite.com; }
location /wp-includes/ { root /var/www/mywp.mywebsite.com; }
set $no_cache 0;
# POST requests should always go to PHP
if ($request_method = POST) { set $no_cache 1; }
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") { set $no_cache 1; }
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
#proxy_set_header Host "mywp.mywebsite.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
proxy_pass http://127.0.0.1:1080;
proxy_cache_bypass $no_cache;
proxy_no_cache $no_cache;
proxy_cache_lock on;
proxy_cache BLOG;
proxy_cache_valid 5m;
add_header X-Raw $no_cache;
}
}
proxy_set_header X-Forwarded-Proto http;
The headers are causing this redirect loop since the wordpress still thinks that it is being accessed using "http" scheme (because your reverse proxy server is not sending the correct scheme in the header.
It may be also possible that you need to make a change in wordpress config file so that it correctly detects the HTTPS. As described here:
Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
I use this type of config for proxying to https:
server {
listen 443 ssl;
server_name wp.mywebsite.com;
server_tokens off;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_protocols SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
set $ssl off;
etag on;
if ($scheme = https) {
set $ssl on;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_pass http://127.0.0.1:1080;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:1080 wp.mywebsite.com;
}
}
Also don't forget to force https:
server {
server_tokens off;
listen 80;
server_name wp.mywebsite.com;
return 301 https://wp.mywebsite.com$request_uri;
}
I just switched my PHP to run from Apache to FastCGI (via Plesk). Now every file I try to access on my domain that's not a php file (like css, images, html ...) gives a 404.
Any idea of what it could be?
vhost specific config file (/etc/nginx/plesk.conf.d/vhosts/mysite.com.conf):
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen 99.99.99.99:443 ssl;
server_name mysite.com;
server_name www.mysite.com;
server_name ipv4.mysite.com;
ssl_certificate /usr/local/psa/var/certificates/certEbk3rnT;
ssl_certificate_key /usr/local/psa/var/certificates/certEbk3rnT;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
root "/var/www/vhosts/mysite.com/httpdocs";
access_log "/var/www/vhosts/system/mysite.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/mysite.com/logs/proxy_error_log";
location / {
proxy_pass https://99.99.99.99:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/mysite.com/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen 50.23.99.2:80;
server_name mysite.com;
server_name www.mysite.com;
server_name ipv4.mysite.com;
client_max_body_size 128m;
root "/var/www/vhosts/mysite.com/httpdocs";
access_log "/var/www/vhosts/system/mysite.com/logs/proxy_access_log";
error_log "/var/www/vhosts/system/mysite.com/logs/proxy_error_log";
location / {
proxy_pass http://99.99.99.99:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/mysite.com/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}
}
Requests of *.php files working because nginx transparent proxing it to apache, which catched by proper apache's vhost.
Statics files get 404 because:
proper nginx's vhost can't be found by nginx and request cathced by default vhost
or
there some another nginx vhost which catch all requests(wildcard subdomain *.mysite.com for example).
No any useful advices here, just revise all your nginx configs.